6809 matches found
UBUNTU-CVE-2017-15939
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to...
PRTG Network Monitor Arbitrary Code Execution Vulnerability
Paessler PRTG Network Monitor is a suite of network monitoring software from the German company Paessler. The software provides usage monitoring, packet sniffing, in-depth analysis and concise reports. A security vulnerability exists in PRTG Network Monitor version 17.3.33.2830. The vulnerability...
Memory Corruption Vulnerability in Youku PC Player (CNVD-2017-35557)
Youku PC Player is video player software for Youku.com. A memory corruption vulnerability exists in YoukuNplayer.exe of Youku PC Player when parsing special vob video files, which can be exploited by attackers to cause a denial of service or code execution...
Bad Rabbit ransomware
UPDATE 27.10.2017. Decryption opportunity assessment. File recovery possibility. Verdicts What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been report...
USN-3454-2: libffi vulnerability
USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, ...
CVE-2017-15651
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message...
Berta CMS Arbitrary File Upload Vulnerability
Berta CMS is a PHP-based web content management system (CMS). An arbitrary file upload vulnerability exists in Berta CMS. A remote attacker can exploit this vulnerability by uploading an image file with an executable extension to execute arbitrary code...
Nero Elevation of Privilege Vulnerability
Nero is a suite of CD burning software that offers burning, copying, editing, ripping and converting features. A security vulnerability exists in Nero version 7.10.1.0. The vulnerability can be exploited to invoke malicious code with elevated privileges via a malicious Nero.exe file in the...
Remote code execution
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client t...
[SECURITY] Fedora 25 Update: upx-3.94-1.fc25
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 26 Update: upx-3.94-1.fc26
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
Integer Overflow Vulnerability in WPS Forms
WPS Office is an office software suite developed independently by Kingsoft Corporation. An integer overflow vulnerability exists in formset.exe in WPS when parsing a specific xlsx file, which can be exploited by an attacker to cause a denial of service or code execution...
Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34122)
WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in formset.exe in WPS when parsing certain xls files, which can be exploited by an attacker to cause a denial of service or code execution...
Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34136)
WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in formset.exe in WPS when parsing certain xls files, which can be exploited by an attacker to cause a denial of service or code execution...
Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability (CVE-2016-5308)
SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...
Unrestricted file upload
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
WPS Presentation suffers from a null pointer reference vulnerability (CNVD-2017-33982)
WPS Office is an office software suite independently developed by Kingsoft Corporation. A null pointer reference vulnerability exists in the pptxrw module of the WPS presentation wpp.exe in WPS when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service or...
Memory corruption vulnerability exists in WPS Presentation (CNVD-2017-33995)
WPS Office is an office software suite independently developed by Kingsoft Corporation. A memory corruption vulnerability exists in WPS presentation wpp.exe in WPS when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service...
WPS Presentation suffers from a null pointer reference vulnerability (CNVD-2017-33986)
WPS Office is an office software suite independently developed by Kingsoft Corporation. A null pointer reference vulnerability exists in WPS presentation wpp.exe in WPS when parsing a specific pptx file, which can be exploited by an attacker to cause a denial of service or code execution...
Denial of Service Vulnerability in WPS Text
WPS Office is an office software suite independently developed by Kingsoft Corporation. A denial of service vulnerability exists in WPS text wps.exe in WPSmain when parsing a specific docx file, which can be exploited by an attacker to cause a denial of service...